| 基于API HOOK技术的特洛伊木马攻防研究 |
| |
| 引用本文: | 康治平,向宏,傅鹂.基于API HOOK技术的特洛伊木马攻防研究[J].信息安全与通信保密,2007(2):145-148. |
| |
| 作者姓名: | 康治平 向宏 傅鹂 |
| |
| 作者单位: | 重庆大学软件学院,重庆,400044 |
| |
| 基金项目: | 国家电子政务等级保护试点工作 |
| |
| 摘 要: | 文章首先对Windows下的API HOOK技术进行分析研究,并将该技术运用于特洛伊木马的属性隐藏中。然后在此基础上实现了一个基于API HOOK技术的内核级木马。通过实验测试,该木马达到了较好的隐藏效果,可以避开目前大多数检测工具的检测。最后,讨论了基于API HOOK技术的特洛伊木马的检测技术。
|
| 关 键 词: | 特洛伊木马 API HOOK技术 隐藏技术 木马攻防技术 |
| 文章编号: | 1009-8054(2007)02-0145-04 |
| 修稿时间: | 2006年8月28日 |
Attack and Defence on API HOOK Technology of Trojan Horse |
| |
| KANG Zhiping,XIANG Hong,FU Li.Attack and Defence on API HOOK Technology of Trojan Horse[J].China Information Security,2007(2):145-148. |
| |
| Authors: | KANG Zhiping XIANG Hong FU Li |
| |
| Abstract: | Firstly, the paper analyzes the application programming interface HOOK(API HOOK) technology of Windows, and apply the technology on the concealment of the Trojan horse. Then a kernel level prototype of Trojan horse based on API HOOK is designed. The experiment results show that the prototype has verified the validity of the techniques of avoiding real-time detection and network covert channels. Finally, the current detection technology of Trojan horse based API HOOK it presented. |
| |
| Keywords: | Trojan horse API HOOK technology Concealing technology Attack and defence of Trojan horse |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
